Random password generator

[digital_mine]

Good morning folks.

Since have different STRONG password for each website we are using that accepts BITCOIN is a necessity in the cryptosphere, I want to share here a very simple program I've written in python to create very strong random passwords.


here the link:

https://github.com/digital-mine/password_generator


Hope some of you will find it useful, of course is free to use

[psycodad]

There are a few things you would need to improve before your script gets useful and stops being dangerous for people using it:

You should at least seed the random number generator first, but ideally you should not use the random module at all for tasks like this. The python docs for random say:

Warning

The pseudo-random generators of this module should not be used for security purposes. Use os.urandom() or SystemRandom if you require a cryptographically secure pseudo-random number generator.

For security and cryptographic purposes you should always use os.urandom, some examples of how to use it can be found here:

https://stackoverflow.com/questions/20936993/how-can-i-create-a-random-number-that-is-cryptographically-secure-in-python

The current version of your script most probably produces easy to predict passwords which are not secure at all.

[digital_mine]

There are a few things you would need to improve before your script gets useful and stops being dangerous for people using it:

You should at least seed the random number generator first, but ideally you should not use the random module at all for tasks like this. The python docs for random say:

Warning

The pseudo-random generators of this module should not be used for security purposes. Use os.urandom() or SystemRandom if you require a cryptographically secure pseudo-random number generator.

For security and cryptographic purposes you should always use os.urandom, some examples of how to use it can be found here:

https://stackoverflow.com/questions/20936993/how-can-i-create-a-random-number-that-is-cryptographically-secure-in-python

The current version of your script most probably produces easy to predict passwords which are not secure at all.

Thank you for your time to read my post!
I'll upgrade the script following your suggestion ASAP.

[psycodad]

There are a few things you would need to improve before your script gets useful and stops being dangerous for people using it:

You should at least seed the random number generator first, but ideally you should not use the random module at all for tasks like this. The python docs for random say:

Warning

The pseudo-random generators of this module should not be used for security purposes. Use os.urandom() or SystemRandom if you require a cryptographically secure pseudo-random number generator.

For security and cryptographic purposes you should always use os.urandom, some examples of how to use it can be found here:

https://stackoverflow.com/questions/20936993/how-can-i-create-a-random-number-that-is-cryptographically-secure-in-python

The current version of your script most probably produces easy to predict passwords which are not secure at all.

Thank you for your time to read my post!
I'll upgrade the script following your suggestion ASAP.

You're welcome.

I think you could simply use os.urandom with hashlib.sha256 to create pretty random and secure passwords of any length, i.e.:

Code:

import sys, os, hashlib, base64
pwlen = sys.argv[1]
pw_hash = hashlib.sha256(os.urandom(128))
print base64.b64encode(pw_hash.hexdigest())[0:int(sys.argv[1])]

I am sure there are plenty of improvements for above method but it should give you and idea. Though if you are on a Linux system for example, you can do all of this in a bash one-liner.

HTH

[digital_mine]

There are a few things you would need to improve before your script gets useful and stops being dangerous for people using it:

You should at least seed the random number generator first, but ideally you should not use the random module at all for tasks like this. The python docs for random say:

Warning

The pseudo-random generators of this module should not be used for security purposes. Use os.urandom() or SystemRandom if you require a cryptographically secure pseudo-random number generator.

For security and cryptographic purposes you should always use os.urandom, some examples of how to use it can be found here:

https://stackoverflow.com/questions/20936993/how-can-i-create-a-random-number-that-is-cryptographically-secure-in-python

The current version of your script most probably produces easy to predict passwords which are not secure at all.

Thank you for your time to read my post!
I'll upgrade the script following your suggestion ASAP.

You're welcome.

I think you could simply use os.urandom with hashlib.sha256 to create pretty random and secure passwords of any length, i.e.:

Code:

import sys, os, hashlib, base64
pwlen = sys.argv[1]
pw_hash = hashlib.sha256(os.urandom(128))
print base64.b64encode(pw_hash.hexdigest())[0:int(sys.argv[1])]

I am sure there are plenty of improvements for above method but it should give you and idea. Though if you are on a Linux system for example, you can do all of this in a bash one-liner.

HTH

Thank you again!

I'll definitely study your suggestion further, and I'll try to implement.

Just to say, my current version doesn't simply generate a random password from the python lib, it produce each character using the random lib than, substitute from 1 to 3 characters (randomly) into numbers, and than again   substitute from 1 to 3 characters into capital letters.

I know that there is a big room for improvement.

[nastyagav]

I just downloaded it and used it on my system. I like it. Thank you very much

[digital_mine]

I just downloaded it and used it on my system. I like it. Thank you very much

You are welcome but be aware of what  @psycodad said!
Maybe add some extra character by your own to increase the safety